[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: How enforce TLS connection to openldap server only?


Quanah showed me the link to the man page. But you have to search for
specific openldap command in order to see the documentation.
If I just search for a keyword like olcSecurity, nothing comes up.
A wiki knowledgebase will definitely help a lot!

Thanks a lot!


-----Original Message-----
From: openldap-technical-bounces@OpenLDAP.org
[mailto:openldap-technical-bounces@OpenLDAP.org] On Behalf Of Khosrow
Sent: Thursday, September 20, 2012 1:36 PM
To: openldap-technical@openldap.org
Subject: Re: How enforce TLS connection to openldap server only?

On September 20, 2012 09:59:05 AM Quanah Gibson-Mount wrote:
> --On Thursday, September 20, 2012 9:58 AM -0700 Quanah Gibson-Mount
> <quanah@zimbra.com> wrote:
> > --On Thursday, September 20, 2012 12:02 PM -0400 Yan Gong
> > 
> > <yan@fabric.com> wrote:
> >> Peter:
> >> 
> >> Thanks for the confirmation!
> >> I only used olcSecurity, not olcAccess to enforce the TLS connection.
> >> Man, I wish there is more detailed, updated and user-friendly 
> >> information about OpenLdap on the web.
> >> I guess, that's why people are turning to Active Directory because 
> >> it is much easier to use.
> > 
> > It is documented in the manual pages, which are both on the web, and 
> > ship with the software itself.  Lack of comprehension does not mean 
> > lack of documentation.
> > 
> > If you think AD is LDAP, then you are in for a world of hurt.
> Meant to send this to the list. ;)

I agree with Quanah that documentation is there, I also think Yan is
correct that the information is not very easy to find.

I've used the Admin Guide and the Faq-O-Matic on many occassions and found
them a good starting point, but not the final answer. I think a wiki-style
documentation where the user commuity could more easily contribute to the
knowledge base may be a helpful thing.

Having said all that, there may already be something like that and I just
don't know about it. 

I can start a new thread if more people want to chime in since I don't
want to derail the original thread here.